peburrows/goth

How to generate ID token from default service account? (`metadata`)

Zat42 opened this issue · 2 comments

Zat42 commented

To generate an ID token from a service account key file, I set up Goth like this:

```elixir
credentials = "GOOGLE_APPLICATION_CREDENTIALS_JSON" |> System.fetch_env!() |> Jason.decode!()
source = {:service_account, credentials, ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"]}
```

This is working fine and I can get an ID token that can be decoded and used for authentication. But if I deploy this instance to Cloud Run and use the default service account:

```elixir
source = {:metadata, scopes: ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com"]}
```

I can't get the ID token anymore and it always returns an access token instead of an ID token.

Also, `:metadata` is working fine for PubSub but not for ID token / audience. Any idea?

Zat42 commented

Edit: After checking deeper into the code, this is actually not possible. I'll try to make a pull request to handle this if not out of scope.

Zat42 commented

Pull request: #121
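
The access-token/ID-token mix-up described in this thread can be caught early by inspecting what the token source actually returned. The following is an added example, not code from the thread or from Goth; `TokenKind`, its function names and the sample values are hypothetical, and it assumes the Jason package is available.

```elixir
# Added example, not Goth code. Assumes the Jason package; Mix.install fetches it on first run.
Mix.install([:jason])

defmodule TokenKind do
  # Metadata-server path that issues ID tokens. The audience is a query
  # parameter here; the sibling .../token path returns an access token.
  @identity_path "/computeMetadata/v1/instance/service-accounts/default/identity"

  # URL to GET with the "Metadata-Flavor: Google" header from inside Cloud Run.
  def identity_url(audience) do
    "http://metadata.google.internal" <>
      @identity_path <> "?" <> URI.encode_query(%{"audience" => audience})
  end

  # {:id_token, claims} when the value parses as a JWT carrying "aud" and "iss",
  # otherwise :access_token. Inspection only: the signature is NOT verified.
  def classify(token) do
    with [_header, payload, _sig] <- String.split(token, "."),
         {:ok, json} <- Base.url_decode64(payload, padding: false),
         {:ok, %{"aud" => _, "iss" => _} = claims} <- Jason.decode(json) do
      {:id_token, claims}
    else
      _ -> :access_token
    end
  end

  # True only for an ID token whose "aud" claim equals the expected audience.
  def audience_ok?(token, expected) do
    match?({:id_token, %{"aud" => ^expected}}, classify(token))
  end
end

# Constructed sample values, not real credentials.
aud = "example-client-id.apps.googleusercontent.com"
enc = fn map -> map |> Jason.encode!() |> Base.url_encode64(padding: false) end
claims = %{"aud" => aud, "iss" => "https://accounts.google.com"}
id_token = Enum.join([enc.(%{"alg" => "RS256"}), enc.(claims), "constructed-sig"], ".")

IO.puts(TokenKind.identity_url(aud))
IO.inspect(TokenKind.classify(id_token))
IO.inspect(TokenKind.classify("ya29.constructed-opaque-value"))
IO.inspect(TokenKind.audience_ok?(id_token, "other-audience"))
```

The service that receives the token still has to verify its signature and `aud` claim before trusting it; this check only tells the caller which kind of token it was handed.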